LAB: Configure End to End VPC Endpoint Service

Set up an end-to-end connection between two VPCs (service provider and customer) using an endpoint service. In this lab, we will create a service provider VPC with a public subnet that contains a Network Load Balancer and an EC2 instance serving a sample webpage, and then create a VPC endpoint service for the Network Load Balancer.

On the customer side, we will create a customer VPC with a public subnet, create a VPC endpoint, and test the connectivity using an EC2 instance.


Refer to the topology below to configure the end-to-end VPC endpoint service.


  • Create a service provider VPC Dclessons-SP-Network with CIDR:
  • Create and attach an Internet Gateway Dclessons-SP-IGW to VPC Dclessons-SP-Network.
  • Create a Public subnet Dclessons-SP-Public-Subnet- (
  • Create a Public Route Table and associate it with the subnet.
  • Add the public Route to IGW in the Route table in Dclessons-SP-Public-RT.
  • Create an EC2 instance in subnet Dclessons-SP-Public-Subnet.
  • Create a Network Load Balancer Dclessons-SP-LB in SP VPC.
  • Create an Endpoint service Dclessons-SP-VPC-EP-Service.
  • Create a customer VPC Dclessons-Customer-VPC01 with CIDR:
  • Create and attach an Internet Gateway Dclessons-Customer-IGW to VPC Dclessons-Customer-VPC01.
  • Create a Public subnet Dclessons-Customer-Public-Subnet ( and Create a Public Route Table Dclessons-Customer-Public-RT and associate it with the subnet.
  • Add the public Route with target Dclessons-Customer-IGW in the Route table Dclessons-Customer-Public-RT.
  • Create an EC2 Instance Dclessons-Customer-EC2.
  • Create a VPC Endpoint and connect between Customer and Service Provider VPC.
  • Test the connectivity.


Create VPC

Go to AWS Services | VPC | Create VPC | Under VPC Setting Name: Dclessons-SP-Network with CIDR: | Click Create VPC

Select Internet Gateway | Create Internet Gateway | Name: Dclessons-SP-IGW | Click Create Internet Gateway

Now attach this IGW to the SP VPC, as shown below.

Configure SP Subnet

Go to Subnet | Under Create Subnet: Select VPC: Dclessons-SP-Network | Subnet Name: Dclessons-SP-Public-Subnet | AZ: Ohio/us-east-2a with IPv4 CIDR:

Create Route Table for SP Public Subnet:

Go to Route table | under create Route Table Name: Dclessons-SP-Public-RT | VPC Name: Dclessons-SP-Network | Click Create Route Table

Under Route table: Dclessons-SP-Public-RT | Select Subnet Association | Click Edit Subnet Association:

Select Dclessons-SP-Public-Subnet and save

Select Route Tab | Edit Routes | and add with target IGW

Configure EC2 instance in SP network:

Launch an Amazon Linux AMI on a t2.micro instance; refer to the figure below for the configuration. Under Advanced Settings | User data field, provide the following code:


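#!/bin/bash
# User data runs as root at first boot, so no "sudo su" is needed.
# Patch the OS and install the Apache web server.
yum update -y
yum install httpd -y
# Start Apache now and enable it at every boot.
systemctl start httpd
systemctl enable httpd
# Publish the sample page the load balancer will serve.
echo "Welcome to DCLESSONS Webserver 1" >> /var/www/html/index.html
systemctl restart httpd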

In the Security Group section | Click to create a new security group and allow all ports and protocols, as shown in the figure below | Click Review and Launch
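An added example, not part of the original lab: a check over `aws ec2 describe-security-groups` output that flags the allow-all rule created in this step and reports what it exposes beyond the TCP 80 that this lab's listener and health check use. The group IDs, group names and sample JSON are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs, names and the 203.0.113.10 address are placeholders, not lab values.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "lab-allow-all",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "GroupName": "lab-narrowed",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]}
]}
""")

NEEDED = {("tcp", 80)}            # the lab's NLB listener and health check use TCP 80
ANYWHERE = {"0.0.0.0/0", "::/0"}  # sources that mean "the whole internet"

def open_to_world(rule):
    """True if any IPv4 or IPv6 source range on the rule is unrestricted."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in ANYWHERE for c in cidrs)

def excess(rule):
    """Describe what the rule exposes beyond NEEDED, or return None."""
    proto = rule["IpProtocol"]
    if proto == "-1":                         # "-1" means every protocol and port
        return "all protocols and ports"
    if proto not in ("tcp", "udp"):
        return f"protocol {proto}"
    lo, hi = rule["FromPort"], rule["ToPort"]
    needed = sum(1 for pr, p in NEEDED if pr == proto and lo <= p <= hi)
    extra = (hi - lo + 1) - needed
    return f"{extra} extra {proto} port(s) in {lo}-{hi}" if extra else None

def audit(doc):
    """List (GroupId, description) for world-open ingress wider than NEEDED."""
    return [(sg["GroupId"], excess(rule))
            for sg in doc["SecurityGroups"]
            for rule in sg.get("IpPermissions", [])
            if open_to_world(rule) and excess(rule)]

if __name__ == "__main__":
    for group_id, what in audit(SAMPLE):
        print(f"{group_id}: open to the internet on {what}")
```

To run it against a real account, save the output of `aws ec2 describe-security-groups --output json` to a file and pass the parsed JSON to `audit()` in place of `SAMPLE`.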

Under the key pair section | Select Create a new key pair | Name: Webserver | Click Download Key Pair and click Launch Instances.

Configure Load balancer

Under VPC | Click on the Load Balancer section | Click to create a Network Load Balancer | Under Basic Configuration: Name: Dclessons-SP-LB | Scheme: Internet-facing | IP address: IPv4 | Select VPC: Dclessons-SP-Network | Mapping: us-east-2a with subnet: Dclessons-SP-Public-Subnet and IPv4 address: assigned by AWS.

Now, under Listeners and Routing | Select protocol: TCP with port 80 and click Create Target Group

Under Target Group | Name: Dclessons-SP-LB-TG | Select protocol: TCP and Port: 80 and in Listeners section select target group Dclessons-SP-LB-TG

In Health Check Section | Select health Check protocols: TCP and in Specify Group Details option: Select Instances.

Click Next to go to Register Target Section: Under Register Target, Select Dclessons-Webserver1 Instance | Select: Include as pending below | Click to Create target group.

Click Create Load balancer

Once the LB is created, you can see that a DNS name (A record) has been assigned to it.

